CVE-2025-32386 - Vulnerability Details

Link	Providers
https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7
https://github.com/helm/helm/security/advisories/GHSA-4hfp-h4cw-hj8p
https://nvd.nist.gov/vuln/detail/CVE-2025-32386
https://www.cve.org/CVERecord?id=CVE-2025-32386

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-32386 https://www.cve.org/CVERecord?id=CVE-2025-32386
Metrics	threat_severity `None`	threat_severity `Moderate`

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Description		Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issue has been resolved in Helm v3.17.3.
Title		Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination
Weaknesses		CWE-770 CWE-789
References		https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7 https://github.com/helm/helm/security/advisories/GHSA-4hfp-h4cw-hj8p
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-32386", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-04-06T19:46:02.462Z", "datePublished": "2025-04-09T22:28:44.142Z", "dateUpdated": "2025-04-10T13:39:53.113Z"}, "containers": {"cna": {"title": "Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination", "problemTypes": [{"descriptions": [{"cweId": "CWE-789", "lang": "en", "description": "CWE-789: Memory Allocation with Excessive Size Value", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/helm/helm/security/advisories/GHSA-4hfp-h4cw-hj8p", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/helm/helm/security/advisories/GHSA-4hfp-h4cw-hj8p"}, {"name": "https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7", "tags": ["x_refsource_MISC"], "url": "https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7"}], "affected": [{"vendor": "helm", "product": "helm", "versions": [{"version": "< 3.17.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-04-09T22:28:44.142Z"}, "descriptions": [{"lang": "en", "value": "Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issue has been resolved in Helm v3.17.3."}], "source": {"advisory": "GHSA-4hfp-h4cw-hj8p", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-10T13:39:41.974056Z", "id": "CVE-2025-32386", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-10T13:39:53.113Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2025-32386 (string)

assignerOrgId : a0819718-46f1-4df5-94e2-005712e83aaa (string)

state : PUBLISHED (string)

assignerShortName : GitHub_M (string)

dateReserved : 2025-04-06T19:46:02.462Z (string)

datePublished : 2025-04-09T22:28:44.142Z (string)

dateUpdated : 2025-04-10T13:39:53.113Z (string)

}

containers : { »

cna : { »

title : Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination (string)

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-789 (string)

lang : en (string)

description : CWE-789: Memory Allocation with Excessive Size Value (string)

type : CWE (string)

}

]

}

1 : { »

descriptions : [ »

0 : { »

cweId : CWE-770 (string)

lang : en (string)

description : CWE-770: Allocation of Resources Without Limits or Throttling (string)

type : CWE (string)

}

]

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

]

references : [ »

0 : { »

name : https://github.com/helm/helm/security/advisories/GHSA-4hfp-h4cw-hj8p (string)

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://github.com/helm/helm/security/advisories/GHSA-4hfp-h4cw-hj8p (string)

}

1 : { »

name : https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7 (string)

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7 (string)

}

]

affected : [ »

0 : { »

vendor : helm (string)

product : helm (string)

versions : [ »

0 : { »

version : < 3.17.3 (string)

status : affected (string)

}

]

}

]

providerMetadata : { »

orgId : a0819718-46f1-4df5-94e2-005712e83aaa (string)

shortName : GitHub_M (string)

dateUpdated : 2025-04-09T22:28:44.142Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issue has been resolved in Helm v3.17.3. (string)

}

]

source : { »

advisory : GHSA-4hfp-h4cw-hj8p (string)

discovery : UNKNOWN (string)

}

adp : [ »

0 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2025-04-10T13:39:41.974056Z (string)

id : CVE-2025-32386 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-04-10T13:39:53.113Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-32386", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-04-06T19:46:02.462Z", "datePublished": "2025-04-09T22:28:44.142Z", "dateUpdated": "2025-04-10T13:39:53.113Z"}, "containers": {"cna": {"title": "Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination", "problemTypes": [{"descriptions": [{"cweId": "CWE-789", "lang": "en", "description": "CWE-789: Memory Allocation with Excessive Size Value", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/helm/helm/security/advisories/GHSA-4hfp-h4cw-hj8p", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/helm/helm/security/advisories/GHSA-4hfp-h4cw-hj8p"}, {"name": "https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7", "tags": ["x_refsource_MISC"], "url": "https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7"}], "affected": [{"vendor": "helm", "product": "helm", "versions": [{"version": "< 3.17.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-04-09T22:28:44.142Z"}, "descriptions": [{"lang": "en", "value": "Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issue has been resolved in Helm v3.17.3."}], "source": {"advisory": "GHSA-4hfp-h4cw-hj8p", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-32386", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-10T13:39:41.974056Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-10T13:39:48.336Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2025-32386 (string)

assignerOrgId : a0819718-46f1-4df5-94e2-005712e83aaa (string)

state : PUBLISHED (string)

assignerShortName : GitHub_M (string)

dateReserved : 2025-04-06T19:46:02.462Z (string)

datePublished : 2025-04-09T22:28:44.142Z (string)

dateUpdated : 2025-04-10T13:39:53.113Z (string)

}

containers : { »

cna : { »

title : Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination (string)

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-789 (string)

lang : en (string)

description : CWE-789: Memory Allocation with Excessive Size Value (string)

type : CWE (string)

}

]

}

1 : { »

descriptions : [ »

0 : { »

cweId : CWE-770 (string)

lang : en (string)

description : CWE-770: Allocation of Resources Without Limits or Throttling (string)

type : CWE (string)

}

]

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

]

references : [ »

0 : { »

name : https://github.com/helm/helm/security/advisories/GHSA-4hfp-h4cw-hj8p (string)

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://github.com/helm/helm/security/advisories/GHSA-4hfp-h4cw-hj8p (string)

}

1 : { »

name : https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7 (string)

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7 (string)

}

]

affected : [ »

0 : { »

vendor : helm (string)

product : helm (string)

versions : [ »

0 : { »

version : < 3.17.3 (string)

status : affected (string)

}

]

}

]

providerMetadata : { »

orgId : a0819718-46f1-4df5-94e2-005712e83aaa (string)

shortName : GitHub_M (string)

dateUpdated : 2025-04-09T22:28:44.142Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issue has been resolved in Helm v3.17.3. (string)

}

]

source : { »

advisory : GHSA-4hfp-h4cw-hj8p (string)

discovery : UNKNOWN (string)

}

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2025-32386 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2025-04-10T13:39:41.974056Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-04-10T13:39:48.336Z (string)

}

]

}

Show plain JSON

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issue has been resolved in Helm v3.17.3."}, {"lang": "es", "value": " Helm es una herramienta para Charts. Se puede crear un archivo de almacenamiento de gr\u00e1ficos de manera tal que se expanda para que sea significativamente m\u00e1s grande sin comprimir que comprimido (por ejemplo, una diferencia de &gt;800x). Cuando Helm carga este gr\u00e1fico especialmente manipulado, la memoria puede agotarse y provocar que la aplicaci\u00f3n finalice. Este problema se ha resuelto en Helm v3.17.3."}], "id": "CVE-2025-32386", "lastModified": "2025-04-11T15:40:10.277", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-04-09T23:15:37.750", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7"}, {"source": "security-advisories@github.com", "url": "https://github.com/helm/helm/security/advisories/GHSA-4hfp-h4cw-hj8p"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}, {"lang": "en", "value": "CWE-789"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issue has been resolved in Helm v3.17.3. (string)

}

1 : { »

lang : es (string)

value : Helm es una herramienta para Charts. Se puede crear un archivo de almacenamiento de gráficos de manera tal que se expanda para que sea significativamente más grande sin comprimir que comprimido (por ejemplo, una diferencia de >800x). Cuando Helm carga este gráfico especialmente manipulado, la memoria puede agotarse y provocar que la aplicación finalice. Este problema se ha resuelto en Helm v3.17.3. (string)

}

]

id : CVE-2025-32386 (string)

lastModified : 2025-04-11T15:40:10.277 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 3.6 (number)

source : security-advisories@github.com (string)

type : Secondary (string)

}

]

}

published : 2025-04-09T23:15:37.750 (string)

references : [ »

0 : { »

source : security-advisories@github.com (string)

url : https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7 (string)

}

1 : { »

source : security-advisories@github.com (string)

url : https://github.com/helm/helm/security/advisories/GHSA-4hfp-h4cw-hj8p (string)

}

]

sourceIdentifier : security-advisories@github.com (string)

vulnStatus : Awaiting Analysis (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-770 (string)

}

1 : { »

lang : en (string)

value : CWE-789 (string)

}

]

source : security-advisories@github.com (string)

type : Primary (string)

}

]

}

Show plain JSON

{"bugzilla": {"description": "helm.sh/helm/v3: Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination", "id": "2358755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358755"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "(CWE-770|CWE-789)", "details": ["Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issue has been resolved in Helm v3.17.3."], "mitigation": {"lang": "en:us", "value": "To mitigate this vulnerability, ensure that any chart archive files being loaded by Helm do not contain files that are large enough to cause the Helm Client or SDK to use up available memory leading to a termination."}, "name": "CVE-2025-32386", "package_state": [{"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Fix deferred", "package_name": "cert-manager/jetstack-cert-manager-acmesolver-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Fix deferred", "package_name": "cert-manager/jetstack-cert-manager-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:deployment_validator_operator", "fix_state": "Fix deferred", "package_name": "deployment-validation-operator-container", "product_name": "Deployment Validation Operator"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/addon-manager-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/backplane-rhel9-operator", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/cluster-proxy-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/hypershift-addon-rhel9-operator", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/managed-serviceaccount-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/multicloud-manager-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/multicluster-engine-managed-serviceaccount-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/placement-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/registration-operator-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/registration-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine-work-container", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_globalhub", "fix_state": "Fix deferred", "package_name": "multicluster-globalhub/multicluster-globalhub-agent-rhel9", "product_name": "Multicluster Global Hub"}, {"cpe": "cpe:/a:redhat:multicluster_globalhub", "fix_state": "Fix deferred", "package_name": "multicluster-globalhub/multicluster-globalhub-manager-rhel8", "product_name": "Multicluster Global Hub"}, {"cpe": "cpe:/a:redhat:multicluster_globalhub", "fix_state": "Fix deferred", "package_name": "multicluster-globalhub/multicluster-globalhub-operator-bundle", "product_name": "Multicluster Global Hub"}, {"cpe": "cpe:/a:redhat:multicluster_globalhub", "fix_state": "Fix deferred", "package_name": "multicluster-globalhub/multicluster-globalhub-rhel9-operator", "product_name": "Multicluster Global Hub"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/istio-cni-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/pilot-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/proxyv2-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/proxyv2-rhel9", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Fix deferred", "package_name": "rhacm2/acm-governance-policy-addon-controller-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Fix deferred", "package_name": "rhacm2/acm-multicluster-observability-addon-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Fix deferred", "package_name": "rhacm2/acm-search-v2-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Fix deferred", "package_name": "rhacm2/acm-volsync-addon-controller-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Fix deferred", "package_name": "rhacm2/multicloud-integrations-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Fix deferred", "package_name": "rhacm2/multiclusterhub-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Fix deferred", "package_name": "rhacm2/multicluster-operators-channel-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Fix deferred", "package_name": "rhacm2/multicluster-operators-subscription-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Fix deferred", "package_name": "advanced-cluster-security/rhacs-central-db-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Fix deferred", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Fix deferred", "package_name": "advanced-cluster-security/rhacs-rhel8-operator", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Fix deferred", "package_name": "advanced-cluster-security/rhacs-roxctl-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Fix deferred", "package_name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Fix deferred", "package_name": "advanced-cluster-security/rhacs-scanner-v4-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Fix deferred", "package_name": "rhdh-orchestrator-dev-preview-beta/controller-rhel9-operator", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-kueue-controller-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/metallb-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/oc-mirror-plugin-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-ansible-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-helm-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-olm-rukpak-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-operator-sdk-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:trusted_application_pipeline:1", "fix_state": "Fix deferred", "package_name": "rhtap-cli/rhtap-cli-rhel9", "product_name": "Red Hat Trusted Application Pipeline"}], "public_date": "2025-04-09T22:28:44Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-32386\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-32386\nhttps://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7\nhttps://github.com/helm/helm/security/advisories/GHSA-4hfp-h4cw-hj8p"], "threat_severity": "Moderate"}

{

bugzilla : { »

description : helm.sh/helm/v3: Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination (string)

id : 2358755 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2358755 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 6.5 (string)

cvss3_scoring_vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (string)

status : draft (string)

}

cwe : (CWE-770|CWE-789) (string)

details : [ »

0 : Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issue has been resolved in Helm v3.17.3. (string)

]

mitigation : { »

lang : en:us (string)

value : To mitigate this vulnerability, ensure that any chart archive files being loaded by Helm do not contain files that are large enough to cause the Helm Client or SDK to use up available memory leading to a termination. (string)

}

name : CVE-2025-32386 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:redhat:cert_manager:1 (string)